[Snort-users] bittorrent generating alerts
infiniteedge at ...1936...
Thu Nov 6 02:59:16 EST 2003
I'm running a fairly standard install of Snort, no heavy customizations.
I seem to be getting a lot of [executable code detected] whenever
BitTorrent is running. It's annoying because they're priority 1 alerts. How
do I write a rule (I guess a pass rule?) for BitTorrent?
Second, what is the best way to output your logs ON WINDOWS? I was
dumping them into a MySQL database, but I had trouble with the
post-processing. ACID has too many freakin' dependencies. So it to
syslogd and got EventSentry to email me priority 1 alerts. But there's
very little data in the emails. I've been using -b so I get tcpdump
logs and looking at them in Ethereal, but sometimes they're just too
cryptic or don't contain enough of the session for me to tell what's going
on. I still don't know how I'm being attacked!? Somebody help!
PS. Thank you
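As an added illustration of the pass-rule approach asked about above (not from the original post or from the Snort distribution), a local rules file that silences the shellcode alerts only for BitTorrent peer traffic. It assumes the client uses the default 6881:6889 port range and that $HOME_NET and $EXTERNAL_NET are defined in snort.conf.

```snort
# local.rules -- added example, not part of the original post.
# Assumption: the BitTorrent client listens on the default 6881:6889
# range and $HOME_NET / $EXTERNAL_NET are set in snort.conf.
#
# Scoping the pass rules to the peer port range (rather than passing
# all traffic from the host) keeps the SHELLCODE rules active for
# everything else, so you still see real attacks on other ports.
# Local rule SIDs should start at 1000000 to avoid colliding with
# the distributed ruleset.
pass tcp $EXTERNAL_NET any -> $HOME_NET 6881:6889 (msg:"LOCAL pass BitTorrent inbound peer"; sid:1000001; rev:1;)
pass tcp $HOME_NET any -> $EXTERNAL_NET 6881:6889 (msg:"LOCAL pass BitTorrent outbound peer"; sid:1000002; rev:1;)

# Snort 2.x applies rules in the order alert, pass, log by default,
# so these rules have no effect unless Snort is started with -o,
# which changes the order to pass, alert, log:
#   snort -o -c snort.conf -l C:\snort\log
```

Review the -b binary logs for those ports before deploying the pass rules, so you know the suppressed sessions really are BitTorrent peers and not something hiding on the same ports.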